返回 CVE 浏览器

CVE-2016-10345

HIGH

7.8

CVSS Severity Score

EPSS Score0.1140%

EPSS Percentile25.58th

Published2017年4月18日

Last Modified2026年5月13日

Vulnerability Description

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

Affected Platforms (CPE)

📦

Phusion

Passenger

<= 5.0.30

References & Advisories

🔗 https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG

🔗 https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441

🔗 https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG

🔗 https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441

相关漏洞威胁

CVE-2018-120269.8

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such ...

CVE-2018-120278.8

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the ...

CVE-2018-120287.8

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malici...

CVE-2012-61357.5

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.